Privacy Act of 1974; System of Records

Issuing agencies

Abstract

The United States Postal Service [supreg] (USPS[supreg] or Postal Service) is proposing to create a new Customer Privacy Act System of Records (SOR) to support an initiative to centralize Commercial Mail Receiving Agency (CMRA) records into an electronic database, improve the security of the In-Person enrollment process, and consolidate all CMRA paper and electronic records under one new and dedicated SOR. Previous Federal Register Notices for CMRA records that covered the current manual paper record system were published as USPS SOR 840.000, Customer Mailing and Delivery Instructions.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 168 (Wednesday, August 31, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 168 (Wednesday, August 31, 2022)]
[Notices]
[Pages 53512-53514]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-18822]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal Service[supreg].

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service [supreg] (USPS[supreg] or 
Postal Service) is proposing to create a new Customer Privacy Act 
System of Records (SOR) to support an initiative to centralize 
Commercial Mail Receiving Agency (CMRA) records into an electronic 
database, improve the security of the In-Person enrollment process, and 
consolidate all CMRA paper and electronic records under one new and 
dedicated SOR. Previous Federal Register Notices for CMRA records that 
covered the current manual paper record system were published as USPS 
SOR 840.000, Customer Mailing and Delivery Instructions.

DATES: These revisions will become effective without further notice on 
September 30, 2022, unless responses to comments received on or before 
that date, result in a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
(<a href="/cdn-cgi/l/email-protection#6414160d1205071d24111714174a030b12"><span class="__cf_email__" data-cfemail="5b2b29322d3a38221b2e282b28753c342d">[email&#160;protected]</span></a>). To facilitate public inspection, arrangements to 
view copies

[[Page 53513]]

of any written comments received will be made upon request. All 
submitted comments and attachments are part of the public record and 
subject to disclosure. Do not enclose any material in your comments 
that you consider to be confidential or inappropriate for public 
disclosure.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or <a href="/cdn-cgi/l/email-protection#79090b100f181a00390c0a090a571e160f"><span class="__cf_email__" data-cfemail="7505071c0314160c35000605065b121a03">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their systems of records 
in the Federal Register when there is a revision, change, or addition, 
or when the agency establishes a new system of records. The Postal 
Service has determined that the creation of a new SOR is needed to 
support the implementation of an online application for CMRA owners and 
managers to enter the data collected on Postal Service (PS) Form 1583--
Application for Delivery of Mail through an Agent, and to consolidate 
all functions related to the CMRA application, enrollment, and 
administration processes.

I. Background

    A CMRA is a private business, registered with the Postal Service, 
that acts as an authorized agent on behalf of U.S. Postal Service 
customers to accept delivery of U.S. mail at an alternate address 
managed by the authorized agent. Currently, U.S. Postal Service 
customers apply for delivery of mail to a CMRA by voluntarily providing 
selected personally identifying information (PII) to the CMRA and the 
Postal Service via a paper form, Postal Service (PS) Form 1583--
Application for Delivery of Mail through an Agent. The CMRA maintains a 
copy of this application form and provides a paper copy of each 
customer's completed form to the Postal Service each quarter. These 
paper records are maintained in hard-copy form at the respective 
delivery units based on ZIP Code<SUP>TM</SUP>.
    The Postal Service is proposing to convert all decentralized paper 
enrollment records into a centralized electronic database and enhance 
the in-person enrollment process for CMRA agents and customers. CMRA 
owners and managers will maintain an online account with the USPS 
Business Customer Gateway (BCG) portal. The BCG portal will be used to 
access a separate online CMRA registration database. As part of the 
enrollment process, PS Form 1583--Application for Delivery of Mail 
through an Agent, asks customers to produce two valid forms of 
identification, residential and/or business addresses, as well as the 
address to where mail may be forwarded by the CMRA. The CMRA owner or 
manager will enter the information collected on this form into the CMRA 
registration database and upload a legible scanned copy of each 
identification document.
    These proposed changes are designed to standardize the application 
and enrollment process for CMRA customers through a centralized online 
system that will provide increased assurance that mail is delivered as 
addressed and mitigate the risk of fraudulent activity.

II. Rationale for Creation of a New USPS Privacy Act Systems of Records

    As indicated above, CMRA records were previously covered by USPS 
SOR 840.000, Customer Mailing and Delivery Instructions. USPS SOR 
845.000, Commercial Mail Receiving Agency (CMRA) Records is being 
created to support the implementation of a centralized online database 
of customer data collected on PS Form 1583, and consolidate all 
administrative, review and compliance functions related to the CMRA 
process. This new centralized approach and online database is expected 
to improve efficiency, reduce costs, and improve the effectiveness for 
oversight and compliance efforts.

III. Description of the New System of Records

    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, arguments, or comments on this proposal. A 
report of the proposed new SOR has been sent to Congress and to the 
Office of Management and Budget (OMB) for their evaluations. The Postal 
Service does not expect this new system of records to have any adverse 
effect on individual privacy rights. The new USPS Customer System of 
Records (SOR), SOR 845.000, Commercial Mail Receiving Agency (CMRA) 
Records is provided below in its entirety.

SYSTEM NAME AND NUMBER:
    USPS 845.000, Commercial Mail Receiving Agency (CMRA) Records.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    USPS Headquarters, Eagan, MN Accounting Service Center.

SYSTEM MANAGER(S):
    Vice President, Retail and Post Office Operations, United States 
Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 101, 401, 403, 404.

PURPOSE(S) OF THE SYSTEM:
    1. To administer CMRA application, enrollment and fulfillment 
processes.
    2. To verify a customer's identity when applying for service via a 
Commercial Mail Receiving Agency (CMRA).
    3. To permit authorized delivery of mail to the addressee's agent 
via a CMRA.
    4. To provide for efficient and secure mail delivery services.
    5. To ensure proper delivery of mail as addressed
    6. To protect customers from mail fraud and identity theft through 
identity proofing during the CMRA enrollment process.
    7. To enhance In-Person identity proofing, improve Identity 
Document fraud detection and enable a customer to successfully complete 
identity proofing activities required for access to CMRA services.
    8. To provide customers with the option to voluntarily submit 
scanned images of government issued IDs and other documents for proof 
of identity or current address, that will be used for identity 
verification and to secure mail delivery to the correct recipient.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Customers requesting delivery of mail through an agent via a 
CMRA.
    2. Commercial Mail Receiving Agency (CMRA) owners and managers that 
act as an authorized agent on behalf of U.S. Postal Service customers

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Residential Customer information: Name, address, address 
verification via photocopy of document from prescribed list of 
documents, phone number, email address, date(s) of birth, customer 
ID(s) number and photocopy, expiration dates, signature, Private 
Mailbox application number, customer's authorized representative and 
list of minors receiving mail by a guardian, address that mail is 
forward to, copies of protective court orders submitted by the 
customer.
    2. Business Customer information: Name, address, address 
verification via photo copy of document from prescribed list of 
documents, phone number, email address, date(s) of birth, customer 
ID(s) number and photo copy, expiration dates, signature, Private Mail 
Box application number, business names, and registration information,

[[Page 53514]]

type of business, business registration location, members of the 
business organization who will be receiving mail, customer's authorized 
representative, address that mail is forward to, copies of protective 
court orders submitted by the customer.
    3. Customer Mail Receiving Agent (CMRA) Agency information: Agent 
name, address, signature. Email address, and phone number. Customer 
information collected on PS Form 1583 Application for Delivery of Mail 
Through Agent will be collected and maintained by the CMRA.
    4. Verification information: Photocopies or scanned images of IDs 
and address documents, customer name, address, signature, date of birth 
ID or document expiration date, business name, registration number.

RECORD SOURCE CATEGORIES:
    Customers, designated individuals authorized to collect mail on 
behalf of a customer, and Commercial Mail Receiving Agency (CMRA) 
owners and managers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7., 10., and 11. apply. In 
addition:
    a. Information may be disclosed for the purpose of identifying an 
address as an address of an agent to whom mail is delivered on behalf 
of other persons. This routine use does not authorize the disclosure of 
the identities of persons on behalf of whom agents receive mail.
    All routine uses are subject to the following exception: 
Information concerning an individual who has filed an appropriate 
protective court order with their CMRA application will not be 
disclosed under any routine use except pursuant to the order of a court 
of competent jurisdiction and subject to the approval of the USPS 
General Counsel.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated databases, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    By Commercial Mail Receiving Agency (CMRA) location, customer name, 
address, private mailbox number, or by customer ID(s).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. Records related to CMRA customer applications are retained for 2 
years after the private mailbox is closed.
    2. Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedures below and Record Access Procedures 
above.

NOTIFICATION PROCEDURES:
    Customers wanting to know if information about them is maintained 
in this system pertaining to mail delivery by agents, noncompliant 
mailboxes, must address inquiries to their local postmasters. Customers 
should include name, address, and other identifying information.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Sarah Sullivan,
Attorney, Ethics & Legal Compliance.
[FR Doc. 2022-18822 Filed 8-30-22; 8:45 am]
BILLING CODE 7710-12-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>